Acidus wrote:
That's quite an image, isn't it? It's ISS CEO Tom Noonan holding a silver bullet, announcing the Proventia IPS product in the October 2003 issue of ISS' Connect magazine. Raise your hand if you think IPS or anything else ISS has produced is a silver bullet. No takers?
I don't mention this to criticize ISS, specifically. Rather, I'd like to emphasize the importance of proper frames of reference when considering security.
HAHA! I've enjoyed Richard Bejtlich's humor for a while now, but this was too good not to post.
Kidding aside, Richard raises a good point that nothing in security is a silver bullet. Not an application, not a WAF, not WebInspect, not security as a service, nothing. Security must be layered, composed of many and varied products and defenses. Anyone who says otherwise is a charlatan.
what you describe sounds like a biological immune system 'cause I figure that if biology can't evolve some magical bullet defense then ....